The government-led watchdog set up to vet Huawei products has given a damning report on the cyber security risks posed by the Chinese company’s involvement in the British telecommunications industry.
The annual report published by the Huawei oversight board, which is chaired by the head of GCHQ’s National Cyber Security Centre, said it has found further “significant technical issues in Huawei’s engineering processes leading to new risks in the UK telecommunications networks”.
The 46-page report did not call for a ban on Huawei’s equipment being used in the roll-out of next-generation 5G networks, which critics say could be exploited to allow Beijing to spy on communications in the UK. Huawei denies the accusations.
The watchdog said Huawei had made “no material progress” in addressing security flaws identified in last year’s report and raised serious doubts about the Chinese company’s ability to deliver a $2bn programme to address concerns previously raised by the UK watchdog.
“At present, the oversight board has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects,” the report said. “[Our] work has continued to identify concerning issues in Huawei’s approach to software development bringing significantly increased risk to UK operators.”
The report casts doubt on whether UK operators should be involved with Huawei over the future roll-out of telecommunications networks.
“It will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huawei’s software engineering and cyber security processes are remediated,” the report said.
The US has put increasing pressure on the UK and other countries to stop Huawei from being involved in the roll-out of future 5G networks. Countries including New Zealand and Australia have stopped Huawei from being involved, citing national security concerns.
The report said that last year “several hundred vulnerabilities and issues” were reported to UK operators to inform the risk management of their networks. The report said the National Cyber Security Centre does not believe the defects identified in Huawei equipment “are the result of Chinese state interference”.
An NCSC spokesman said: “Huawei’s presence in the UK is subject to detailed, formal oversight. This report illustrates above all the need for improved cyber security in the UK telecoms networks.”
The annual report does not suggest the UK networks are more vulnerable than in 2017.
“The report details some concerns about Huawei’s software engineering capabilities,” a spokesman for Huawei said. “We understand these concerns and take them very seriously. The issues identified in the report provide vital input for the ongoing transformation of our software engineering capabilities.”
A final decision on Huawei’s involvement in the roll-out of the UK’s 5G networks is likely to be part of a government review of the telecoms market and infrastructure, which is due to be published in coming weeks.